CDR: Ho to KICK OUT Junkbusters users
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners. I do not want to serve such users at all and I do not want them to use my bandwidth. Is there any way to detect a user of Junkbusters in a CGI/mod_perl script? Thanks - Igor.
At 11:19 AM -0500 10/28/00, Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Your presumably-misspelled subject line, "Ho to KICK OUT Junkbusters users," seems ironically appropriate. Though some prefer the spelling "Hoe." As for finding ways to see who is avoiding looking at yoiur advertisements, most of the ad filtering is done at the recipient's machine, right? Gonna be hard for you to reach into their machines to see if they're running ad busters in a local script. As for the ads themselves, who ever looks at them? The doc com ad stream model has been collapsing since its inception...only in the last six months has the message gotten nearer to the dinosaur's brain. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
Tim May wrote:
At 11:19 AM -0500 10/28/00, Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Your presumably-misspelled subject line, "Ho to KICK OUT Junkbusters users," seems ironically appropriate.
Though some prefer the spelling "Hoe."
As for finding ways to see who is avoiding looking at yoiur advertisements, most of the ad filtering is done at the recipient's machine, right? Gonna be hard for you to reach into their machines to see if they're running ad busters in a local script.
This may or may not be true. This all depends on how junkbusters script works. Perhaps junkbusters filters out all 480x90 images, for instance. In which case I can place a 480x90 transparent gif at the bottom of my entrance page, and upon request of such gif I can set something in the user's cookie that would allow him/her further browsing. A lot of things are computer detectable.
As for the ads themselves, who ever looks at them? The doc com ad stream model has been collapsing since its inception...only in the last six months has the message gotten nearer to the dinosaur's brain.
You are correct, for the most part, but your statement does not apply to all sites. Maybe it is collapsing for companies who hire dozens of programmers to create some trivial nonsensical sites, e.g. drkoop.com. I created my site by myself, with no costs other than my time involved (and I enjoyed doing it anyway, so the true cost is near zero), and banners nicely supplement my income. I am not looking for a multimillion IPO, just looking to make some $$ after all expenses. I have the benefit of a nice name (www.algebra.com), so I do not need to spend any $$ at all to attract visitors. Practically, my site is making money after all expenses (dsl fees etc). One of the most popular features, aside from math help, is "Talk to Splotchy", which is a conversation with an Eliza-like AI program. But unlike Eliza, Spltchy is more like a chatterbox with a lot more personality. Some people even have cybersex with Splotchy. Also, I have a "talk to George W Bush LIVE" section at bush-2000.algebra.com. Basically the same thing but politically educated. - Igor.
At 12:04 PM -0500 10/28/00, Igor Chudov wrote:
As for finding ways to see who is avoiding looking at yoiur advertisements, most of the ad filtering is done at the recipient's machine, right? Gonna be hard for you to reach into their machines to see if they're running ad busters in a local script.
This may or may not be true. This all depends on how junkbusters script works. Perhaps junkbusters filters out all 480x90 images, for instance. In which case I can place a 480x90 transparent gif at the bottom of my entrance page, and upon request of such gif I can set something in the user's cookie that would allow him/her further browsing. A lot of things are computer detectable.
Well, you have it completely within your power to do experiments yourself, right now, at your own site. Visit a site like www.junkbusters.com and download their filters and then apply them against your own site. Everything you need to experiment with blocking their cookie-blocking tools is right there. (I just visited this site, and your own site, www.algebra.com, to see what it is you're so worried about people filtering out. Frankly, your ads were not nearly as obtrusive as some are, e.g., those ads running across the top, the bottom, and on both _sides_. Why you are worried that ads for "Gel Mouse Pads" will get blocked is beyond me...most clueless high school students trying to get your site to do their algebra homework for them will not be bothering with ad-busting proxies and other such filters.) --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
At 11:34 AM 10/28/00 -0700, Tim May wrote:
(I just visited this site, and your own site, www.algebra.com, to see what it is you're so worried about people filtering out. Frankly, your ads were not nearly as obtrusive as some are, e.g., those ads running across the top, the bottom, and on both _sides_. Why you are worried that ads for "Gel Mouse Pads" will get blocked is beyond me...most clueless high school students trying to get your site to do their algebra homework for them will not be bothering with ad-busting proxies and other such filters.)
"We handle banner ads the old fashion way -- we ignore them!" --- | Terrorists - The Boogiemen for a new Millennium. | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | | | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
Igor Chudov wrote:
This may or may not be true. This all depends on how junkbusters script works. Perhaps junkbusters filters out all 480x90 images, for instance. In which case I can place a 480x90 transparent gif at the bottom of my entrance page, and upon request of such gif I can set something in the user's cookie that would allow him/her further browsing. A lot of things are computer detectable.
why don't you simply look at the source?
Maybe it is collapsing for companies who hire dozens of programmers to create some trivial nonsensical sites, e.g. drkoop.com. I created my site by myself, with no costs other than my time involved (and I enjoyed doing it anyway, so the true cost is near zero), and banners nicely supplement my income. I am not looking for a multimillion IPO, just looking to make some $$ after all expenses. I have the benefit of a nice name (www.algebra.com), so I do not need to spend any $$ at all to attract visitors.
without sparking a political discussion about the PC of banner ads, your main problem is that banner services (i.e. external sources) are undetectable to you because junkbuster never does anything to YOUR site - it just refuses to grab the ads from the external site. you may have a way if you would serve the banners yourself. but I doubt there's money in that.
At 09:31 AM 10/28/00 -0700, Tim May wrote:
At 11:19 AM -0500 10/28/00, Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Your presumably-misspelled subject line, "Ho to KICK OUT Junkbusters users," seems ironically appropriate.
Though some prefer the spelling "Hoe."
When I first saw the subject, I was thinking it was some DOE weirdness. I was disappointed to find it was just a typo.
As for finding ways to see who is avoiding looking at yoiur advertisements, most of the ad filtering is done at the recipient's machine, right? Gonna be hard for you to reach into their machines to see if they're running ad busters in a local script.
Actually you can. Junkbusters mucks with the http headers for client type. Figuring out what it does is left as an exercise for the cgi programmer. (As well as getting around the problem of how to do it without cutting off anyone behind a proxy or similar firewall.)
As for the ads themselves, who ever looks at them? The doc com ad stream model has been collapsing since its inception...only in the last six months has the message gotten nearer to the dinosaur's brain.
Sounds like he is trying to squeeze out as much as he can while he can. --- | Terrorists - The Boogiemen for a new Millennium. | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | | | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
On Sun, Oct 29, 2000 at 10:42:46AM -0800, Alan Olsen wrote:
At 09:31 AM 10/28/00 -0700, Tim May wrote:
At 11:19 AM -0500 10/28/00, Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Your presumably-misspelled subject line, "Ho to KICK OUT Junkbusters users," seems ironically appropriate.
Though some prefer the spelling "Hoe."
As for finding ways to see who is avoiding looking at yoiur advertisements, most of the ad filtering is done at the recipient's machine, right? Gonna be hard for you to reach into their machines to see if they're running ad busters in a local script.
Actually you can. Junkbusters mucks with the http headers for client type.
Other filtering proxies don't mess with the Agent line, or let you send whatever you want there ("Hi! I'm running X10 on MVS!"). I don't think that a high percentage of people use filtering proxies. You could make a rough guess by analyzing your log files to see which users are reading the content pages and not requesting the ads... but that's only possible if you're serving the ads yourself. You'd have to account for people who end the session early, therefore don't request the ads. If many sites implement anti-filtering methods, the ad filter writers will figure out a way to get around it. I'd do it. It'd be pretty easy- simply request the ads but don't send them to the browser. I suppose that you could then add 1x1 stealth gifs to the ads to see if the ads are getting to the browser, but then I'd just code the filter to parse the HTML stream and request those .gifs.... you can't win. Besides, if the market for web ads is a free market, the number of people who filter out ads is already factored into the price that you're getting. It's probably about $1.25 a month. :-) -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5
There has recently been some discussion on UKcrypto of a hypothesised eavesdropping-safe boot CD containing OS & necessary software to get encrypted IP links to a (predetermined?) safe site. http://homepage.ntlworld.com/peter.fairbrother/ The "won't be able to import files" and so on sounds familiar from a long time ago. Isn't this the case in the maximum implementation of the old coloured book standards? (Too boring to look it up) Also I'd like to see a "multi-platform CD that users boot from" that would work with OC, Mac, Sun etc... Ken first few lines:
Moot! is a cryptosuite designed to avoid RIPA pt3 and govermnent access to keys/plaintext in general. All storage is in an offshore data haven.
Moot! is designed to consist of a multi-platform CD that users boot from. It is designed to be hard to emulate in software.
It's also open-source, free if I can get enough help, or at least cheap, and I plan to publish the security designs and ask for comments and suggestions (and help!) before actually implementing anything.
It works sort of like this: in the box (on the CD): w/p, spreadsheet, database s/w etc: crypto package: comms s/w eg TCP/IP, modem and ethernet drivers etc.: minimal operating system: no local storage
That looks like an interesting approach, but what if your keyboard (motherboard, monitor, whatever) is bugged? -- Harmon Seaver, MLIS Systems Librarian Arrowhead Library System Virginia, MN (218) 741-3840 hseaver@arrowhead.lib.mn.us http://harmon.arrowhead.lib.mn.us
On Sat, 28 Oct 2000, Tim May wrote:
As for finding ways to see who is avoiding looking at yoiur advertisements, most of the ad filtering is done at the recipient's machine, right? Gonna be hard for you to reach into their machines to see if they're running ad busters in a local script.
Unless they're running Windows with one of the numerous vulnerabilities announced this month. Then it becomes rather easy to reach into their system and do all sorts of nice things. Alexandra
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Thanks
- Igor.
Are you payed per impression or display? Odds are blocking them wont make them leave anyways, if there is something of value, they will outsmart your blocking. A common thing for people to do also is to use DNS entries for doublclick and all the other add servers so they dont talk to the hsots, or use other software, JunkBuster is not the only solution. Max Inux <maxinux@openpgp.net> 0xE42A7FB1 http://www.openpgp.net Key fingerprint = E4CA 2B4F 24FC B1BF E671 52D0 9E4B A590 E42A 7FB1 If crypto is outlawed only outlaws will have crypto. 'An it harm none, let it be done'
Max Inux wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Thanks
- Igor.
Are you payed per impression or display? Odds are blocking them wont make
Did you mean "per impression or per click"? I am paid for both, t is a mixture, about 60% are per impression and 40% or so are per click.
them leave anyways, if there is something of value, they will outsmart your blocking. A common thing for people to do also is to use DNS entries for doublclick and all the other add servers so they dont talk to the hsots, or use other software, JunkBuster is not the only solution.
I tried blicking doubleclick via DNS, it did not work well because of their javascript. - Igor.
On Sat, Oct 28, 2000 at 11:19:52AM -0500, Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
I do not want to serve such users at all and I do not want them to use my bandwidth.
I don't think you're going to get a lot of sympathy by wanting to force people to view ads. Although it's your bandwidth at the server end, it's the USER's bandwidth (& time) at their end. I nearly always leave images turned off in Netscape so I don't need to wait for ads to download via a modem.
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Good question, I'd say the answer is 'yes' but it's but probably not worth the effort. Your basis would be what files they download (and yes, it seems you could automate assessing this). It seems that you could configure your Web server software to stop serving data to hosts that don't also download the banner images (if the images are coming from YOUR server; this isn't clear -- if not, you might be able to redirect through your server to get the images). This would also block: - people using Lynx (e.g., many blind users or people at public access text-only stations) - people with their images turned off - people who press their browser's STOP button before everything is downloaded Let's assume you could catch Junkbusters users this way. Their workaround might be to GET the banner file, but abort the connection before the file transfers. Much tougher to catch.. You're be burning far more CPU cycles than just for regular Web serving. It's not clear to me that the current Junkbusters (or their Guidescope) software could do be modified to work around such blocking. Your question was whether you could do this type of detection using a CGI/mod_perl script. It seems you could "tail" the server log file to get the data you'd need (& combine with the regular client info you can get from the Web server). You'd also need to maintain a state variable across multiple hits to the server so you know what clients have downloaded the whole set of files you're testing. Seems feasible, but potentially error-prone. -- Greg
On Sat, Oct 28, 2000 at 08:15:22PM -0400, Greg Newby wrote:
Let's assume you could catch Junkbusters users this way. Their workaround might be to GET the banner file, but abort the connection before the file transfers. Much tougher to catch.. You're be burning far more CPU cycles than just for regular Web serving. It's not clear
Interrupted downloads may be reported in Apache's error log... -Declan
At 11:19 AM 10/28/00 -0500, Igor Chudov wrote:
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Most advertising banners come from one of three sources - - advertiser.com/whatever - ads.website.com/whatever (IP address may belong to advertiser.com) - website.com/whatever (website.com's IP address and CGI.) The usual way banner-killers work is to recognize advertiser.com's name and not download pages or accept cookies from there. Some may be fancier and check the IP address as well as the name. It's much harder to junkblock banners that are really on your site - but that means that your advertiser needs to have a setup that lets you work that way, which most don't (partly for fraud prevention, though I suppose it's less of an issue for clickthroughs.) Others may look for banner-shaped things - that's hard to stop. And then there are folks who turn off images entirely :-) Your goal can probably be interpreted as "how to detect whether a user downloaded my advertising banner before showing them real content?". You can't keep them from seeing the text of your main page before they download the banner, because that's what includes the call for the banner image. (You could do one of those initial pages that flashes up briefly and then calls the real page, though.) If your webserver is bright enough (or if you hack it enough yourself), you could keep it from showing future images if the caller hasn't read the image. That's only possible if you know whether they've downloaded your banner, which usually means that the banner has to be hosted on your site rather than the advertiser's. Lots of people turn off cookies - you'd mentioned the issue of using cookies to tell if people have fetched your banner. But even for people who accept cookies, the cookie protocols will only let you fetch cookies with your second-level domain, so you also need to use one of the banner locations with your domain. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Bill Stewart wrote:
At 11:19 AM 10/28/00 -0500, Igor Chudov wrote:
Is there any way to detect a user of Junkbusters in a CGI/mod_perl script?
Most advertising banners come from one of three sources - - advertiser.com/whatever - ads.website.com/whatever (IP address may belong to advertiser.com) - website.com/whatever (website.com's IP address and CGI.)
The usual way banner-killers work is to recognize advertiser.com's name and not download pages or accept cookies from there. Some may be fancier and check the IP address as well as the name. It's much harder to junkblock banners that are really on your site - but that means that your advertiser needs to have a setup that lets you work that way, which most don't (partly for fraud prevention, though I suppose it's less of an issue for clickthroughs.) Others may look for banner-shaped things - that's hard to stop. And then there are folks who turn off images entirely :-)
Your goal can probably be interpreted as "how to detect whether a user downloaded my advertising banner before showing them real content?". You can't keep them from seeing the text of your main page before they download the banner, because that's what includes the call for the banner image. (You could do one of those initial pages that flashes up briefly and then calls the real page, though.) If your webserver is bright enough (or if you hack it enough yourself), you could keep it from showing future images if the caller hasn't read the image. That's only possible if you know whether they've downloaded your banner, which usually means that the banner has to be hosted on your site rather than the advertiser's.
Lots of people turn off cookies - you'd mentioned the issue of using cookies to tell if people have fetched your banner. But even for people who accept cookies, the cookie protocols will only let you fetch cookies with your second-level domain, so you also need to use one of the banner locations with your domain.
A thoughtful message. Thanks. Basically my site absolutely relies on cookies for several things, such as the linear algebra workbench, standardized testing, and "My Homework". Maybe the desire to reject junkbusters users is due to my asshole personality rather than arational business thinking. I think that Tim is right, the clueless kiddos who visit algebra.com do not run junkbusters. - Igor.
At 02:03 PM 10/29/00 -0600, Igor Chudov wrote:
A thoughtful message. Thanks. Basically my site absolutely relies on cookies for several things, such as the linear algebra workbench, standardized testing, and "My Homework".
Using cookies for maintaining state in applications like that is what cookies were originally intended for; it's reasonable to check and remind people to turn them on for those applications. But in general, they won't be useful for determining whether somebody's running a junk buster or not because lots of people do turn them off.
Maybe the desire to reject junkbusters users is due to my asshole personality rather than arational business thinking. I think that Tim is right, the clueless kiddos who visit algebra.com do not run junkbusters.
If 10% of them run junkbusters, it's no real problem for you. If 90% of them do, that'd be a different issue. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
too bad, you lost. no, there's no way you can do that. I'm operating a junkbuster proxy for 100+ people in the company and let's just say that if you find a way to block us out, I'll find a way to get in again and send the patch in.
Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
And what's so special about your website that viewers couldn't find the same content elsewhere, or would be willing to turn out viewing the ads just for your site? If someone's actively filtering out ads from your site, it is of course your right to not let them have access, but it's not likely that they would bend over backwards to tell JunkBusters or one of the other filters to let them view your banners. So unless you have some unique and very compelling/attractive content, you're just going to alienate more users. And setting a cookie on a web tracking GIF is not likely to win you any friends either. Look at it this way, if they're filtering banner ads, they're likely filtering cookies also. Even if you redirect them to a page that says "To view my great wonderous site, turn on cookies and allow banner ads" you are now forcing users to go through even more contortions. At which point the smarter ones will realize that they need a specific cookie, and will just set it by hand. At which point you're likely going to set up dynamic cookies to keep them from reusing old ones, and at which point, someone will add a patch to JunkBusters to allow you to set your cookie, start and abort the downloading of banner ads, and then you're fucked again, until you write an Apache module that checks for aborted banner ads, ad nauseum, etc... Ho indeed. -- ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\ \|/ :aren't security. A |share them, you don't hang them on your/\|/\ <--*-->:camera won't stop a |monitor, or under your keyboard, you \/|\/ /|\ :masked killer, but |don't email them, or put them on a web \|/ + v + :will violate privacy|site, and you must change them very often. --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------
sunder wrote:
Igor Chudov wrote:
I have a website (www.algebra.com) that makes money from banners. I have a suspicion that a small percentage of my users uses Junkbusters proxy in order to avoid seeing my banners.
And what's so special about your website that viewers couldn't find the same content elsewhere, or would be willing to turn out viewing the ads just for your site?
Maybe there is nothing special about my site. And I don't mind junkbusters users going elsewhere. I just do not want them to waste my precious bandwidth.
If someone's actively filtering out ads from your site, it is of course your right to not let them have access, but it's not likely that they would bend over backwards to tell JunkBusters or one of the other filters to let them view your banners. So unless you have some unique and very compelling/attractive content, you're just going to alienate more users.
Well, they are pretty useless to me anyway.
And setting a cookie on a web tracking GIF is not likely to win you any friends either. Look at it this way, if they're filtering banner ads, they're likely filtering cookies also. Even if you redirect them to a page that says "To view my great wonderous site, turn on cookies and allow banner ads" you are now forcing users to go through even more contortions.
They cannot use many features of my site without cookies anyway. These features include a linear algebra workbench (a unique service as far as I was able to determine), standardized testing, "My Homework" and so on. These features store a lot of session information about the users and use cookies to reference the stored data.
At which point the smarter ones will realize that they need a specific cookie, and will just set it by hand.
I am not interested in a war of wits. I think that if 1) I indeed have a nmeasurable part of bandwidth being used by junkbusters users, and 2) junkbusters are easy to detect, then I woul dlike to do it and kick them out. I do not have the mania grandioza to believe that Junkbusters will do anything just because Algebra.com found a smart ass way to detect their users. - Igor.
Igor Chudov wrote:
I do not have the mania grandioza to believe that Junkbusters will do anything just because Algebra.com found a smart ass way to detect their users.
the point is: if you find an easy way, others will likely copy it. therefore, it is likely that there will be a patch.
participants (13)
-
Alan Olsen -
Alex B. Shepardsen -
Bill Stewart -
Declan McCullagh -
Eric Murray -
Greg Newby -
Harmon Seaver -
ichudov@Algebra.Com -
Ken Brown -
Max Inux -
sunder -
Tim May -
Tom Vogt